Security News > 2022 > August > APT Lazarus Targets Engineers with macOS Malware
North Korean APT Lazarus is up to its old tricks with a cyberespionage campaign targeting engineers with a fake job posting that attempt to spread macOS malware.
The malware is similar to a sample discovered by ESET in May, which also included a signed executable disguised as a job description, was compiled for both Apple and Intel, and dropped a PDF decoy, researchers said.
The most recent malware is signed July 21, according to its timestamp, which means it's either something new or a variant of the previous malware.
Operation In(ter)ception also has a companion Windows version of the malware dropping the same decoy and spotted Aug. 4 by Malwarebytes threat intelligence researcher Jazi, according to ESET. The malware used in the campaign also connects to a different command and control infrastructure than the malware discovered in May, https:[//]concrecapital[.
A similar campaign uncovered last year saw Lazarus impersonating defense contractors Boeing and General Motors and claiming to seek job candidates only to spread malicious documents.
Changing It Up. However, more recently Lazarus has diversified its tactics, with the feds revealing that Lazarus also has been responsible for a number of crypto heists aimed at padding the regime of Jong-un with cash.
News URL
https://threatpost.com/apt-lazarus-macos-malware/180426/
Related news
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials (source)
- XCSSET macOS malware returns with first new version since 2022 (source)
- Microsoft spots XCSSET macOS malware variant used for crypto theft (source)
- Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics (source)
- The XCSSET info-stealing malware is back, targeting macOS users and devs (source)
- New FrigidStealer Malware Targets macOS Users via Fake Browser Updates (source)